That’s always been my motto in terms of security. I’ve been working in consulting for some years. I’ve almost seen and done it all…Nope. Just kidding… Security-wise I’ve run across lots of situations: some bad, some so-and-so, and some really bad. After more than 2 decades working in IS/IT my list of things to look-out for in terms of security is a bit extensive…

To Wit:

- Although long in the tooth, there are attacks that keep on working in this day and age. Phishing comes to mind;

- IT departments still have an historical approach when dealing with (IT) Security, i.e., they always think all security issues can be dealt with by buying more tools. Nope. That’s not the way to go. The Way to deal with security is by using a bottom-up approach, meaning we have to start from scratch (empowerment, processes, etc.);